Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
Date
Msg-id 4941BC24.4020803@ak.jp.nec.com
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
KaiGai Kohei wrote:
> Gregory Stark wrote:
>> Peter Eisentraut <peter_e@gmx.net> writes:
>>
>>> On Thursday 11 December 2008 18:32:50 Tom Lane wrote:
>>>>> How can we stick all of these in the same column at the same time?
>>>> Why would we want to?
>>> Because we want to use SQL-based row access control and SELinux-based 
>>> row access control at the same time.  Isn't this exactly one of the 
>>> objections upthread?  Both must be available at the same time.
>>
>> Well I don't think anyone would actually want them *at the same time*.
>> Combining multiple security models would mean you aren't actually following
>> any security model.
>>
>> But I don't like the idea of making it a compile-time switch. Having to ship
>> separate packages for different compile-time options is really an awful
>> solution from the distribution's point of view. And it doesn't scale either --
>> if we got another such option they would have 2^n combinations.
>>
>> Distributions like to set distribution-wide policies like "compile with X
>> support". It doesn't mean you can't run those programs without actually using
>> that support, as in "emacs -nw". It would be nice to have the option at
>> run-time of whether to use selinux or row-acl support instead.
>>
>> I think we need to separate out the --enable-selinux which would merely
>> compile in the support for selinux from the switch to control whether we
>> actually have selinux turned on. Make that either an initdb option or a
>> per-database option like we have with collation/encoding.

I prefer an initdb option, because SE-PostgreSQL assigns its security
context for inserted tuples during bootstrapping mode also, so we need
to make clear what security mechanism should be activated at initdb time
at least.
It will be possible to switch via $PGDATA/postgresql.conf. I assume
this change should not happen so frequently.

Proposed initdb option, like:  $ initdb --pgace-security=(selinux|rowacl)

And, the setting is written out to $PGDATA/postgresql.conf

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

